|Publication number||US5293323 A|
|Application number||US 07/782,191|
|Publication date||Mar 8, 1994|
|Filing date||Oct 24, 1991|
|Priority date||Oct 24, 1991|
|Also published as||CA2077772A1|
|Publication number||07782191, 782191, US 5293323 A, US 5293323A, US-A-5293323, US5293323 A, US5293323A|
|Inventors||Douglas C. Doskocil, Alan M. Offt|
|Original Assignee||General Electric Company|
|Export Citation||BiBTeX, EndNote, RefMan|
|Patent Citations (6), Referenced by (94), Classifications (10), Legal Events (7)|
|External Links: USPTO, USPTO Assignment, Espacenet|
The subject invention was made with Government support under Contract No. F33657-86-C-2144 awarded by the USAF. The U.S. Government has certain rights in this invention.
The present invention relates to diagnostic testing methods and, more particularly, to methods for determining the confidence level of any detected and corroborated persistent fault.
In system engineering usage, a fault may be defined as any physical condition which causes an object to fail to perform in a required manner; thus, a failure is an inability of an object to perform its desired function. Failures are detected by evaluation of test results, i.e. the results of comparing a measurement (itself defined as a sample of a signal of interest) to some predetermined operational limits. The primary objective and challenge of a diagnostic system then is to obtain simultaneous high levels of both the coverage and accuracy of fault detection in a system being diagnosed. In fact, a fault detection (FD) effectiveness parameter can be defined, as the product of fault detection coverage and fault detection accuracy, and is a measure of the diagnostic system's ability to detect all potential faults. It is desirable to simultaneously increase the probability of detecting faults in equipment when a fault exists, while reducing the probability of declaring a fault when one does not exist. Increased fault detection, the ability to detect more faults than a previous capability, can be the result of either increased fault coverage, e.g. the presence of more test points in the same equipment, or greater detection accuracy, e.g. the implementation of better tests or processing. Conversely, decreased fault detection leads to missing more real faults, and is almost never desirable.
A false alarm is defined as a fault indication (by Built-In Test or other monitoring circuitry) where no fault exists. However, the user community extends the definition of false alarm to include activity which does not correct the causative fault; this may be actions such as isolating a fault to the wrong module or the inability to reproduce the fault during maintenance. Both false alarms actions result in maintenance actions which do not correct the actual fault; the user's perception is that the causative fault does not exist. Similarly, detection of a temporary or transient real fault is also considered an error. Consider the fault isolation process as applied to an aircraft: if a real fault is detected while the plane is in flight, but cannot be duplicated during ground maintenance, then the maintenance staff considers that fault to be a false alarm. Such a condition is most often caused by intermittent behavior of the system in use, and due to factors including overheating, part fatigue and corrosion, poor calibration, noise and the like. Since the plane is not stressed in the same manner while on the ground, these temporary real faults either disappear or cannot be duplicated; however, continued use of the unrepaired plane is not always a desirable alternative.
Due to the possibility of serious consequences if faults are not properly diagnosed, there have been many past attempts to provide diagnostic systems with ever increasing levels of fault detection effectiveness. Some systems have tried to increase effectiveness by changing test limits and, in some cases, by checking for repeated results. Changing test measurement limits generates mixed results in a system having measurement variations. Noise in either, or both, of the system-under-test (SUT) and the associated diagnostic system, can cause proper measurements, taken in a correctly operating system, to lie in the region of assessed failures, while similar measurements of a failed system may lie in the region of correct operation.
If it is desired to increase fault detection by tightening test limits (e.g. allowing a smaller measurement variation from the mean value before existence of a fault is declared), then the test threshold must move toward the mean value of the measurement. However, since more noisy measurements lie outside the limit of correct operation, the resulting diagnostic system will declare more false alarms. Conversely, to decrease false alarms by changing only a measurement limit will allow more measurement variation (e.g. allow movement of the test limit farther from the measurement mean value) before declaration of a fault condition occurs. However, use of this fault threshold location decreases the diagnostic system's ability to detect a fault, since a noiseless measurement would have to deviate more from its intended location for correct operation before a fault is detected. Accordingly, a new technique is required to simultaneously increase fault detection while reducing false alarms. This new technique is desirably compatible with new, multi-level, integrated diagnostic systems and also desirably capable of an increased probability of detecting faults while reducing, if not eliminating, false alarms and intermittent real faults. Thus, we desire to provide a new method for fault diagnosis which will substantially reduce or eliminate the effects of intermittent faults, noisy measurements, potential false alarms, and out-of-tolerance conditions, while providing flexibility of system changes and implementation in a standardized architecture (capable of replication and similar usage in different system portions and the like). Finally, the high level of Fault Detection without False Alarms must be made in a timely manner in order to facilitate operator and system response to the failure. It is therefore not acceptable to perform extensive post-processing of a test result if such processing will require use of time beyond the system time constraints.
Many different diagnostic concepts have previously been tried and found wanting:
a. Treed Fault Analysis--is the traditional, deductive fault analysis method. Tests on the prime item are run sequentially to verify that inputs, power supplies voltages and other equipment states are correct so that a fault may be isolated. Fault isolation flows deductively from an observed or measured failure indication through a sequential set of tests that searches and sequentially eliminates all equipment faults that could have produced that indication. Decisions are made on a binary Pass/Fail basis: if a test passes, one deductive path of two is taken. If the test fails, another deductive path is taken. In both decision legs, more tests are performed and (binary) decisions made until only one fault could have caused the failure indication. Our new fault diagnosis methodology will differ from a Treed Fault Analysis (TFA) in three primary areas: the new method will use a graded fault indication, called a confidence measure, instead of a binary Pass/Fail decision; the deductive part of our new method will operate in parallel fashion rather than in the sequential form of the TFA; and the deductive part of our new method will numerically combine the graded indications of a fault to arrive at a decision rather than use a test Pass/Fail indication to make decisions.
b. M of N Fault Filtering Decisions--is a first generation method of filtering fault indications that are gathered serially from the same test point in order to make a fault decision. N samples of the equipment's state are gathered (generally in a sliding window); if M of these N samples indicate a failed test (measurement outside a limit), then the decision is made that a real failure has occurred. For example, if M=3 of N=5 samples indicate a failure, then the test has failed. Notice that the false alarm reduction method of forcing a test to pass three consecutive times before declaring a fault falls into this category. Our new diagnostic method differs from M-of-N processing at least by utilization of a different process for the persistence analysis of serially-gathered data; we utilize operations unknown to the M-of-N processing form, such as averaging of multiple-sample differences and the like.
c. Module Intelligent Test Equipment (MITE)--is a diagnostic concept, developed as the Automated Systems Department of General Electric Company, that diagnoses the health of equipment by looking for correct operating states of the prime equipment, rather than by looking for faults and fault symptoms. Decisions are made from the combined probability of failure obtained from test results to assess equipment states. Among other objectives, this method attempts to prevent an improper fault diagnosis when a fault and its symptoms have not been identified in a Failure Modes and Effects Critical Analysis (FMECA). We have retained the use, during fault detection, of correct operating states as a basis for decisions, but then utilize the new concept of confidence measure, rather than a probability of failure indication.
d. Abductive Reasoning--is a model-based diagnostic method apparently originated by Abtech Corporation of Charlottesville, Va. In its execution, abductive reasoning samples the input and output states of an equipment being diagnosed. These input states are then passed through the equipment model; the outputs of the model are compared to the actual output samples from the equipment being diagnosed. If the differences between corresponding equipment and model outputs are sufficiently large, a fault is declared. This approach may be unique in the architecture of the model (a multiple-input, multiple-output, third-order, cross-coupled-input polynomial), and the AIM program which generates model information about the equipment to be diagnosed, by calculating the coefficients of the polynomials from expected output states of the equipment being diagnosed when the equipment is presented with a range of inputs. Models may be developed at different levels and combined to synthesize more complicated models. We prefer to not use a model as the basis of our diagnostic system.
e. Diagnostic Expert Systems--are computer programs that logically combine operational and fault information about the system in order to diagnose equipment faults. The decision-making process (i.e. hypothesize a fault and then search for the system states that can cause that fault, or observe symptoms and then search for faults that match those symptoms) is part of the expert system software. The information used to reach decisions and the symptoms that are associated with a fault are entered into tables. The software operates on this table-resident data to make logical conclusions based on the state of the SUT equipment. We will continue to operate on information tables in our new method, but will, at least, add numerical and local combinations the graded indication of equipment states, to arrive at our fault decisions.
f. Neural Networks applied to Diagnostic Systems--are a relatively new form that combines diagnostic information, represented at a very low-level (i.e. digital bits) and makes a decision based on (bit) pattern recognition techniques, which we prefer not to use in our new method.
In accordance with the invention, a DCMA method for operating a diagnostic processor (a microcontroller or general purpose computer, which is either embedded in portions of the system-under-test or is resident in its own module and connected to the SUT) interacts with the system-under-test through test points and other (inherent or unique) monitoring devices within that system. The method for diagnosing the failure condition during operation and maintenance of the associated system, using a plurality of system test points, comprising the steps of: performing a sequence of each of a plurality of individual tests upon the system to evoke a like sequence of responses at a designated configuration of test points; determining a persistence factor T for a sequential set of a plurality N of at least one selected test response; converting the T factor to a confidence measure CM for that set of sequential test responses; determining at least one failure mode based upon all of the selected test responses; and corroborating the determined failure mode by comparison to other data obtained from the system, prior to reporting the existence of that mode for the system.
FIG. 1 is a schematic block diagram of a system under test and interconnected with a diagnostic processor, utilizing the novel methods of the present invention;
FIG. 2 is a graph illustrating the noise-included probability density functions of failed and correctly-operating systems;
FIGS. 3a-3c are graphic examples of how different degrees of persistence can operate with differing measurements to obtain different degrees of test confidence;
FIG. 4 is a test method logic flow diagram for the method of the present invention;
FIG. 5a is a schematic block diagram of a portion of a system to be tested for illustration purposes using the present invention; and
FIGS. 5b and 5c are time-coordinated graphs respectively illustrating a series of measurements and the Confidence Measures evaluated for a running set of N of those measurements.
Referring initially to FIG. 1, a diagnostic processor 10 may be a microcontroller, microcomputer or other general purpose computational element or hard-wired subsystem and the like, programmed to carry out our novel DCMA method, as hereinbelow described, on a system 11 under test (SUT). The system receives system inputs at an input port 11a and provides, responsive thereto, system outputs at an output port 11b; during operation, the system provides various test signals, each at an associated one of a plurality N of test points TP1-TPn. Each test point is coupled to a corresponding one of test outputs 11-1 through 11-n, and thence to a corresponding one of test inputs 10-1 through 10-n of the diagnostic processor. The processor may also receive timing and test state number inputs via a timing input port 10a. The processor performs a failure mode evaluation, to assess whether or not a failure has occurred in the system (and the prevailing system conditions if there is a failure), and provides its results and a measure indicative of the confidence in that evaluation, at an output port 10b, for subsequent use as desired.
Referring now to FIG. 2, it will be seen why the confidence measure, which is a numerical result used to represent both the persistence and corroboration of failure evaluation results, in used to reduce the susceptibility of the diagnostic process to noise effects. The graph has an abscissa 14 scaled in terms of test value, with an ordinate 15 scaled in terms of the probability ρ of any particular test value occurring for a particular test. Curve 17 is the well-known Gaussian probability density function of any one test result occurring in a properly operating real system (i.e. a system having some normal, non-zero, amount of noise); the bell-shaped curve 17 peaks at the expected mean value 17m of the test result. If a threshold value 18 is used to establish a pass-fail test criterion (i.e. with test passage for all values above value 18 and test failure for all values below value 18), then there will be a region 17a in which a failure may be diagnosed, due to noise effects, even through the system, by definition, is operating correctly--area 17a represents undesired false alarms. Similarly, on a curve 19 of the probability density function of test results in a known-failed system, the system noise will likely cause failure-signals to be detected as values falling in a portion 19a which results in undesired test passage. Thus, one sees that it is highly desirable to reduce, if not remove, the effects of test value noise on the diagnostic process.
One proposed solution to the noise problem is to average a set of several measurements for the identical test condition. As seen in FIGS. 3a-3c, there is a further problem in the confidence which one can place on any set of results: the measurement acceptability area 20a is bounded by both an unacceptable area 20b, for out-of-limit results below a lower limit 21a of operation, and an unacceptable area 20c, for out-of-limit results above an upper operational limit 21b. The proximity of the plural test measurements 22 to either limit 21 is not the only characteristic to be considered. Thus, both set 22 (FIG. 3a) and set 23 (FIG. 3b) have the same average value (with a set mean value 22m or 23m at the same distance D from the center value 21c of the acceptable band 20a, but set 22 has a relatively small measurement error band ε, caused by noise and the like, while the measurement error band ε' of set 23 is larger (i.e., ε<ε') than set 22. Based on the greater possibility of a noise-induced false alarm in the wider error band of set 23, we say that we have a " low" confidence for set 23, i.e. have lower confidence that set 23 has measured a passing value within allowable limits, and have a "high" confidence for set 22, i.e. have higher confidence that set 22 has measured a passing value within allowable limits. Similarly, for another set 24 (FIG. 3c) of an equal number of measurements of the same parameter, with an error band ε" about as big as that of set 23, i.e. ε"≈ε', we can say that we have high confidence for set 24 and low confidence for set 23, because the set 24 mean value 24m is so much closer to the within-limits center value 21c, i.e. the difference D' between values 24m and 21c is less than the set 23 mean value 23m-center value 21c distance D and is D' is much less than the within-limits tolerance band half-distance (value 21c to limit 21a or 21b). Thus, the confidence in a measurement set should be related to the persistence of the measurements, and is a combination of at least noise and separation factors.
In accordance with the invention, we utilize several new processing methods to reduce false alarms and increase fault detections; we call the general methodology "Diagnostics by Confidence Measure Assessment" (DCMA). Several features we have developed are:
1. The use of a confidence measure as a test result indication.
2. The use of specialized persistence processing on many test results from a single source.
3. The use of specialized corroboration processing on many test results from different sources.
Our Confidence Measure (CM) is a numerical indication, between -1 and +1 defining how well a test passes its limits of operation (when CM is a positive value) and/or how well a test detects a specific failure (when CM is a negative value). Thus, a resulting CM of -1 indicates that a test has been failed with 100% confidence, while a CM of +1 indicates that there is 100% confidence that the passing of a test was correct.
The intent of the Confidence Measure is to provide a graded indication of test results so that the state of a unit may be interpreted more accurately than just a Pass or Fail. In addition, it provides a mechanism with which to combine many test results, using corroboration processing, in order to provide a more accurate assessment of a unit's health.
Persistence is defined as the DCMA process of using more than one sample of a test results from a single source to calculate a confidence measure in the conclusion inferred from the test being carried out.
Persistence tends to produce a stable measurement and indicate the certainty that a set of measurements of the same parameter, at the same test point, are within operating limits, so as to eliminate both short-term intermittencies and measurement noise. Persistence may be a serial evaluation of measurements obtained from the same source.
Referring to FIG. 4, the diagrammed step-by-step flow of a presently preferred embodiment of our method is commanded to start (step 26) and then enters the individual testing subroutine 28, wherein, for each one of a plurality M of different tests, various inputs stimulate (step 30) the SUT, so that responses can be measured (step 32) at the various test points TPi, for 1≦i≦n. Each test can be a standardized implementation, with a set-up selected to exercise certain preselected paths through each equipment with known stimuli, using predetermined built-in-test (BIT) configurations. Each measured response is a signal of interest which is compared (step 34) to the known value for a fully-operational SUT; the difference results are normalized to test limits and reported (step 36) to the persistance subroutine 38 as one of a stream of measurements.
Persistence processing occurs for each individual test; in the illustrated embodiment, a specific persistence processing method operates on the last "N" test result samples of the stream. The number of samples and the operational limits can be standardized, in accordance with predetermined parameter tables. During processing, the average of the last N measurements, using the present sample and the (N-1) previous samples, is calculated and subtracted from the closest limit NL of correct operation (steps 40 and 42); the same result can be obtained, with greater difficulty in implementation and execution, by reversing the order of operations and subtracting each measured value from its nearest limit before averaging the differences. At the same time, a standard deviation σ from this average difference is calculated (step 44) for the same "N" samples. A T value is calculated (step 46) by dividing the resultant average difference by the standard deviation σ and multiplying the result by the square root of the number of samples. The calculated T value is converted to a confidence measure CM (step 48) by using a prestored parameter look-up table (step 50) which maps ranges of T values to confidence measures associated with the specific test.
T=[(AVE(M)-NL, over N samples)/σ(M)]*√N
CM is the confidence measure in the test result
T is an intermediate T measure
M is the measured sample from the SUT
NL is the limit of correct operation that is nearest the measurement in the range of operation
N is the number of sequential samples
f() is a table whose contents maps T values to Confidence Measures.
The speed and resulting confidence of this persistence technique can be adjusted by changing the number N of samples used to make a decision and the threshold NL of hypothesizing a fault. Thus, persistence processing of "raw" measurement samples tends to eliminate intermittent fault indications, compensate for measurement "noise" and provide a variable test reporting latency dependent upon both noise level and proximity of the measurement to its acceptable operational limits, with a confidence value result dependent upon the all of these factors.
Corroboration is defined as the DCMA process of using more than one sample of test results from different sources to calculate a confidence measure in the conclusion drawn from a SUT failure. Generally, more than one positive test result is needed for the corroboration process to produce a high-confidence result. If two test points are sequentially located along a test route, then using corroboration one may say that the route has failed when test results indicating that the signal measured at both of the sequential test points has failed with high confidence.
The totality of test results TRj, for 1≦j≦M, can be combined, often with parallel processing, to find at least one failure mode FMk, for 1≦k≦R, by passage through a predetermined failure mode/test results matrix 52, based on the test results TRj which indicate that at least one failure has occurred. One of the failure modes can be the absence of failures. These various failure mode indicators FMk are processed in subroutine 54 for reportage of corroborated FMs. Subroutine 54 arithmetically and logically combines these test results, represented by confidence measures, to generate a numerical evaluation (the confidence measure, between -1 and +1) about the status of that failure mode. The process (step 56) of combining test results uses mathematical operators (+, -, *,/), logical operators (AND, OR, NOT, COMPLEMENT), and constants as tools to detect and verify faults, along with data as to which test source was used to produce the current response data. The result of this combination is then compared (step 58) to a pre-defined threshold. If the result exceeds the threshold (a YES decision), step 60 is entered and a failure is declared via a Failure Report Rx, so that an action associated with this Rx indication can be executed. If all Failure Mode assessements indicate that no faults are present, then a periodic "No Faults" report is sent (step 62) and the subroutine made to return to its beginning, to corroborate the next set of failure mode data received from the matrix 52. If the result does not exceed the threshold (a NO decision), step 64 is entered and a "No Fault" indication is kept enabled for this set of failure modes, and the action will be returned to corroborate the next failure mode found.
A separate Corroboration process must be designed for each system failure mode, by choosing candidate test results for evaluation of each different mode (test with different source, etc.) and then developing methods to combine these test results to reach a failure conclusion. The various combinations of all failure modes may be grouped into the matrix 52 format as part of the DCMA. The matrix is a convenient method to mangage all of the known failure modes. If all test results for a built-in test (BIT) level are arranged in columns of the matrix and failure modes for the same BIT level were arranged in rows of the matrix, then entires in the body of the matrix will "mark" those test results which contribute to verifying any one failure mode, where each row in the matrix is a test vector of results (confidence measures) which uniquely identifies a failure mode. The mechanics of corroborating reports combines confidence measure entries in the failure mode/test results matrix to validate faults and detect out-of-tolerance conditions. An example of such a matrix (containing numerical test results) is:
______________________________________ Test Results TR1 TR2 TR3 TR4 . . . TRn______________________________________FailuresFM1 -0.2 0 +0.7 0FM2 0.3 -0.8 0.5 +0.1FM3 0.5 0 -0.5 -0.7______________________________________
Thus, FM1 (the first failure mode) uses the first and third test results (TR1 and TR3) to verify this mode, FM2 (the second failure mode) uses the first four test results TR1 through TR4 to verify a failure, and so forth. Any intersection, of a failure mode row and a test result column, which is without a confidence measure or which has a zero quantity therein indicates that the particular test result is not required to reach that failure mode decision. This matrix gives a quick, visual method to determine if all failures can be isolated by a unique set of tests.
Corroboration processing comprises combining test results (confidence measures) using arithmetic operators, logical operators and constants as specified in a Failure Mode defining statement or equation, which we call a Failure Mode Operator Line. This line may operate on test results of one failure mode in a stack oriented process as specified by pointers to test results, operator tokens, constants and evaluation criteria listed on the line. An Operator Line results is a numerical value which is compared to the evaluation criteria to make a failure mode decision and generate the confidence measure CM value in that decision. In comparison to a binary process, the combination of low confidence in a number of test results which have just passed their limits of correct operation could be combined to correctly assess a system failure since the graded confidence in each test contributes to the failure mode evaluation procedure. It will be understood that common Algebraic method, reverse Polish negotiation or any other desired method can be used for the Operator Line calculations.
Corroboration operates in two modes: foreground and background. The foreground mode is evoked when a received test report indicates a failure (negative confidence measure). That test report would then be used as an index that points to all failure modes in the Failure Mode/Test Results matrix which use that test result as an entry. Corroboration processing then evaluates this restricted subset of failure modes to quickly corroborate the reported failed test indication using all other required test reports.
In the background mode, corroboration processing operates on the present test result entries in the matrix to assess potential out-of-tolerance conditions. In this mode, it sequentially evaluates all failure modes to determine if the combination of test results in any one failure mode indicates degraded (or failed) performance. With a view of operating in this mode, the failure mode/test results matrix might best be called a functional operation matrix and could be thought of as containing values of correct SUT operation rather than values which indicate failures.
In either mode, if a corroborated system failure report R is issued from step 60, a predetermined course of action (system shut-down, manual intervention request, automatic switch-over to redundant subsystem, and the like actions) can be carried out, as part of subsequent step 60.
Referring now to FIGS. 5a-5c, we consider the problem of confidence and persistence in a set of measurements of a subsystem powered by an intermittent power supply. An equipment 70 has a plurality S of sensor means 72, such as sensors 74-1 through 74-S, each powered by its own power supply means 76, such as means 76-1 through 76-S; control inputs to each sensor and output of sensed data from each sensor is provided through an associated interface INTF means 78-1 through 78-S. Each of the units (sensor 74, power supply 76 and INTF means 78) may have a built-in-test controller BITC means 80, to establish test conditions, so that test result data can be provided from associated test points 82, responsive to commands on a common test and measurement (T&M) bus 84. The sensors provide their information to a sensor-data-processing subsystem 86, including a built-in-test subsystem processor 88, coupled to all of the BITC units 80 via T&M bus 84, and a subsystem power supply 90, providing operating potential(s) to all of the various subsystem stages 92-98. Each of the main interface MITF means 92 and the subsequent A1, A2, A3, . . . stages may have a BITC means 80, and have test points 82-a, . . . , 82-h, . . . 82-p, . . . from which data is sent to test processor 88, which includes the functions of diagnostic processor 10 and the DCMA methodology.
The operating +5 volt DC power to stage A2 is monitored by the 82-h test point "h", which, for a sequence of twenty test/measurement intervals, sends back the measurement data represented by datums 100-1 through 100-20 in FIG. 5b; note the intermittent nature of measurement 100-7 (perhaps caused by a noise "spike" at the A2 power input terminal). Having predeterminately chosen a sample size N=8, the confidence measure CM for a traveling N sample set has a different persistence for N measurement intervals after the intermittent measurement 100-7, and (as shown in FIG. 5c) higher CM levels 102-a (prior to the intermittent datum 100-7) are changed to the lowered level 102-b of the Confidence Measure for N(=8) intervals after receipt of the spike; the CM level 102-c returns to a higher level once the effect of the spike's disturbance on the persistence is removed by the sample size traveling beyond the out-of-limit measurement. By way of illustration only, if the measurements 100-1 through 100-6 and 100-8 through 100-20 all range from about 5.12 to about 5.18 VDC and the nearer upper limit 104 is set at +5.5, then the high confidence measure level 104a and 104c is about +0.8 for a T value of (5.5-5.15)/(0.125)*√8≈7.9; responsive to a voltage spike 100-7 of about 6.0 VDC, the T value drops to (5.5-5.325)/(0.17)*√8≈3.0 and the Confidence Measure falls to the lower level 102-b of about +0.3, for the eight measurement intervals associated with measurements 100-8 through 100-15. The persistence can be easily interpreted by reference to the following chart:
______________________________________P value Measurement Status Report______________________________________ +1.0 Stable and Inside Limits "Good≈+0.7 Within 3σ of variation inside Health" limits for≈+0.6 Inside of, but close to, limit +1 ≧ P ≧ +0.3≈+0.3 Send≈+0.1 Has variation greater than the result to average difference from limit Corrobo- 0.0 Recently changed significantly ration for≈-0.1 Oscillating significantly further≈-0.3 analysis≈-0.6 Outside of, but close to, limit Test≈-0.7 Within 3σ of variation outside failure limits for -1.0 Stable and outside limits -0.3 ≧ P ≧ -1______________________________________
The above example illustrates the use of DCMA method Persistence and Confidence Measure aspects; the same system of FIG. 5a will be used to illustrate the Corroboration aspect features of multiple test result use for evaluation of failure mode status, failure verification via information obtained from various locations in a module/subsystem/system, fault isolation, conclusion production from a set of low-confidence test results, the foreground mode evaluation of failure modes which use a reported test and the background mode continuous evaluation of all failure modes to determine possible out-of-tolerance conditions. Detection of a fault is illustrated by detection of the failure of the A1 assembly output by the out-of-limit test response at test point 82-c, and the subsequent corroboration by measurement of an out-of-limit condition oat the A2 input test point 82-e. Isolation of a fault can be illustrated, for the failure of assembly A2, by testing the A2 input, at test point 82-e and determining that the signal there is within limits, then corroborating this "okay" condition by determining that the module control signal at A2 control test point 82-f is also correct; when the A2 output amplitude test point 82-h is measured and found to be outside the limits of normal operation, and corroborated by testing the next assembly A3 input amplitude at test point 82-k and determining operation there is also outside of limits, the fault is isolated to assembly A2. If the conditions at respective test points 82-e, 82-f, 82-g and 82-k are respectively named TRa, TRb, TRc and TRd, then a Failure Mode Operator Line (FMOL) for this isolation example can be written as:
[MAX of(MIN(NEG(2*Tra+Trb)/3) OR 0.0)]
[MAX of(Trc OR Trd)]<-0.7
where the test results TRx, for a≦x≦d, are the Confidence Measure values for that particular test point response. The following table is one example illustrating the use of Corroborative processing, with only those corroborated CMs less than -0.7 being assessed as faults (note that in this example, only a failed output test will result in reportage of a fault):
__________________________________________________________________________FMOL: MAX OF(MIN (NEG((2*TR1 + TR2)/3) OR 0.0) OR MAX OF(TR3 OR TR4)<-0.7IN ORDER OF EXECUTION: TR1, 2, *, TR2, +, 3, /, NEG, 0.0 MIN, TR3, TR4 MAX, MAX: <-0.7FAILURE MODES:NO FAILURE +0.7 2 1.4 +0.7 +2.1 3 0.7 -0.7 0.0 -0.7 +0.7 +0.7 +0.7 +0.7OUTPUT FAILS +0.7 2 1.4 +0.7 +2.1 3 0.7 -0.7 0.0 -0.7 -0.7 -0.7 -0.7 -0.7INPUT FAILS -0.7 2 -1.4 +0.7 -0.7 3 -0.2 +0.2 0.0 0.0 -0.7 0.0 +0.0 +0.0CONTROL FAILS +0.7 2 +1.4 -0.7 +0.7 3 +0.2 -0.2 0.0 -0.2 -0.7 -0.2 -0.2 -0.2BIT MONITOR FAILS +0.7 2 +1.4 +0.7 +2.1 3 0.7 -0.7 0.0 -0.7 -0.7 +0.7 +0.7 +0.7__________________________________________________________________________
While several examples of our novel DCMA methodology are described herein, those skilled in the art will now understand that many modifications and variations can be made within the spirit of out invention. It is therefore our intent to be limited only by the scope of the appending claims and not by way of details and instrumentalities presented by way of description of the exemplary embodiments.
|Cited Patent||Filing date||Publication date||Applicant||Title|
|US4517468 *||Apr 30, 1984||May 14, 1985||Westinghouse Electric Corp.||Diagnostic system and method|
|US4644479 *||Jul 31, 1984||Feb 17, 1987||Westinghouse Electric Corp.||Diagnostic apparatus|
|US4847795 *||Aug 24, 1987||Jul 11, 1989||Hughes Aircraft Company||System for diagnosing defects in electronic assemblies|
|US4985857 *||Aug 19, 1988||Jan 15, 1991||General Motors Corporation||Method and apparatus for diagnosing machines|
|US5099436 *||Nov 3, 1988||Mar 24, 1992||Allied-Signal Inc.||Methods and apparatus for performing system fault diagnosis|
|US5130936 *||Sep 14, 1990||Jul 14, 1992||Arinc Research Corporation||Method and apparatus for diagnostic testing including a neural network for determining testing sufficiency|
|Citing Patent||Filing date||Publication date||Applicant||Title|
|US5381417 *||Jan 25, 1993||Jan 10, 1995||Hewlett Packard Company||Circuit testing system|
|US5500941 *||Jul 6, 1994||Mar 19, 1996||Ericsson, S.A.||Optimum functional test method to determine the quality of a software system embedded in a large electronic system|
|US5508941 *||Sep 30, 1994||Apr 16, 1996||Alcatel N.V.||Network with surveillance sensors and diagnostic system, and method of establishing diagnostics for the network|
|US5566091 *||Jun 30, 1994||Oct 15, 1996||Caterpillar Inc.||Method and apparatus for machine health inference by comparing two like loaded components|
|US5570376 *||Oct 5, 1994||Oct 29, 1996||Sun Microsystems, Inc.||Method and apparatus for identifying faults within a system|
|US5655074 *||Jul 6, 1995||Aug 5, 1997||Bell Communications Research, Inc.||Method and system for conducting statistical quality analysis of a complex system|
|US5768501 *||May 28, 1996||Jun 16, 1998||Cabletron Systems||Method and apparatus for inter-domain alarm correlation|
|US5799148 *||Dec 23, 1996||Aug 25, 1998||General Electric Company||System and method for estimating a measure of confidence in a match generated from a case-based reasoning system|
|US5819028 *||Apr 16, 1997||Oct 6, 1998||Bay Networks, Inc.||Method and apparatus for determining the health of a network|
|US5835886 *||Apr 28, 1997||Nov 10, 1998||Siemens Aktiengesellschaft||Method for analyzing a measurement value and measurement value analyzer for carrying out the method|
|US5838561 *||Sep 23, 1996||Nov 17, 1998||Pulp And Paper Research Institute Of Canada||Automatic control loop monitoring and diagnostics|
|US5923834 *||Jun 17, 1996||Jul 13, 1999||Xerox Corporation||Machine dedicated monitor, predictor, and diagnostic server|
|US5949676 *||Jul 30, 1997||Sep 7, 1999||Allen-Bradley Company Llc||Method and system for diagnosing the behavior of a machine controlled by a discrete event control system|
|US5950147 *||Jun 5, 1997||Sep 7, 1999||Caterpillar Inc.||Method and apparatus for predicting a fault condition|
|US5950183 *||Jun 2, 1995||Sep 7, 1999||Komatsu Ltd.||Cause inferring device|
|US6000045 *||Jun 8, 1998||Dec 7, 1999||Cabletron Systems, Inc.||Method and apparatus for inter-domain alarm correlation|
|US6059451 *||Mar 20, 1997||May 9, 2000||Texas Instruments Incorporated||Method for improving fault coverage of an electric circuit|
|US6173418 *||Apr 13, 1998||Jan 9, 2001||Hitachi, Ltd.||Computer for gathering log data|
|US6195763 *||Jun 1, 1998||Feb 27, 2001||Robert Bosch Gmbh||Fault diagnostic device and method|
|US6205563||Dec 6, 1999||Mar 20, 2001||Cabletron Systems, Inc.||Method and apparatus for inter-domain alarm correlation|
|US6430712 *||Mar 19, 2001||Aug 6, 2002||Aprisma Management Technologies, Inc.||Method and apparatus for inter-domain alarm correlation|
|US6442511 *||Sep 3, 1999||Aug 27, 2002||Caterpillar Inc.||Method and apparatus for determining the severity of a trend toward an impending machine failure and responding to the same|
|US6480809 *||Sep 23, 1999||Nov 12, 2002||Intel Corporation||Computer system monitoring|
|US6532426||Sep 17, 1999||Mar 11, 2003||The Boeing Company||System and method for analyzing different scenarios for operating and designing equipment|
|US6574537||Feb 5, 2001||Jun 3, 2003||The Boeing Company||Diagnostic system and method|
|US6618691 *||Aug 28, 2000||Sep 9, 2003||Alan J Hugo||Evaluation of alarm settings|
|US6636841||Mar 23, 1998||Oct 21, 2003||Cybula Ltd.||System and method for telecommunications system fault diagnostics|
|US6785636 *||Mar 10, 2000||Aug 31, 2004||Siemens Corporate Research, Inc.||Fault diagnosis in a complex system, such as a nuclear plant, using probabilistic reasoning|
|US6868319||Feb 26, 2003||Mar 15, 2005||The Boeing Company||Diagnostic system and method|
|US6882963||Aug 15, 2002||Apr 19, 2005||Intel Corporation||Computer system monitoring|
|US6907430||Oct 4, 2001||Jun 14, 2005||Booz-Allen Hamilton, Inc.||Method and system for assessing attacks on computer networks using Bayesian networks|
|US6909960 *||Oct 31, 2002||Jun 21, 2005||United Technologies Corporation||Method for performing gas turbine performance diagnostics|
|US6966015||Mar 22, 2001||Nov 15, 2005||Micromuse, Ltd.||Method and system for reducing false alarms in network fault management systems|
|US7069185||Aug 30, 2000||Jun 27, 2006||Wilson Diagnostic Systems, Llc||Computerized machine controller diagnostic system|
|US7093168||Sep 9, 2002||Aug 15, 2006||Honeywell International, Inc.||Signal validation and arbitration system and method|
|US7197168||Jul 12, 2002||Mar 27, 2007||Atrua Technologies, Inc.||Method and system for biometric image assembly from multiple partial biometric frame scans|
|US7206965||May 23, 2003||Apr 17, 2007||General Electric Company||System and method for processing a new diagnostics case relative to historical case data and determining a ranking for possible repairs|
|US7209814||Mar 12, 2004||Apr 24, 2007||The Boeing Company||Diagnostic system and method for enabling multistage decision optimization for aircraft preflight dispatch|
|US7257515 *||Mar 3, 2004||Aug 14, 2007||Hewlett-Packard Development Company, L.P.||Sliding window for alert generation|
|US7409594||Jul 6, 2004||Aug 5, 2008||Intel Corporation||System and method to detect errors and predict potential failures|
|US7415328 *||Oct 4, 2004||Aug 19, 2008||United Technologies Corporation||Hybrid model based fault detection and isolation system|
|US7440862 *||May 10, 2004||Oct 21, 2008||Agilent Technologies, Inc.||Combining multiple independent sources of information for classification of devices under test|
|US7451021 *||May 6, 2004||Nov 11, 2008||Edward Wilson||Model-based fault detection and isolation for intermittently active faults with application to motion-based thruster fault detection and isolation for spacecraft|
|US7457969||Jan 21, 2005||Nov 25, 2008||Intel Corporation||Computer system monitoring|
|US7584420||Oct 5, 2004||Sep 1, 2009||Lockheed Martin Corporation||Graphical authoring and editing of mark-up language sequences|
|US7599688 *||Nov 29, 2005||Oct 6, 2009||Alcatel-Lucent Usa Inc.||Methods and apparatus for passive mid-stream monitoring of real-time properties|
|US7600007||May 23, 2000||Oct 6, 2009||Computer Associates Think, Inc.||Method and apparatus for event correlation in service level management (SLM)|
|US7725570||May 23, 2000||May 25, 2010||Computer Associates Think, Inc.||Method and apparatus for component to service mapping in service level management (SLM)|
|US7725571||May 23, 2000||May 25, 2010||Computer Associates Think, Inc.||Method and apparatus for service analysis in service level management (SLM)|
|US7730172||May 23, 2000||Jun 1, 2010||Computer Associates Think, Inc.||Method and apparatus for reactive and deliberative service level management (SLM)|
|US7751595||Feb 16, 2007||Jul 6, 2010||Authentec, Inc.||Method and system for biometric image assembly from multiple partial biometric frame scans|
|US7752468||Jun 6, 2006||Jul 6, 2010||Intel Corporation||Predict computing platform memory power utilization|
|US7774651||Jan 7, 2008||Aug 10, 2010||Intel Corporation||System and method to detect errors and predict potential failures|
|US7801702 *||Nov 30, 2004||Sep 21, 2010||Lockheed Martin Corporation||Enhanced diagnostic fault detection and isolation|
|US7823062||Nov 21, 2006||Oct 26, 2010||Lockheed Martin Corporation||Interactive electronic technical manual system with database insertion and retrieval|
|US7865278 *||Jun 14, 2006||Jan 4, 2011||Spx Corporation||Diagnostic test sequence optimization method and apparatus|
|US8024610||Nov 15, 2007||Sep 20, 2011||Palo Alto Research Center Incorporated||Diagnosing intermittent faults|
|US8140913 *||Jun 11, 2008||Mar 20, 2012||Hitachi, Ltd.||Apparatus and method for monitoring computer system, taking dependencies into consideration|
|US8239094||Apr 23, 2008||Aug 7, 2012||Spx Corporation||Test requirement list for diagnostic tests|
|US8386849 *||Jan 29, 2010||Feb 26, 2013||Honeywell International Inc.||Noisy monitor detection and intermittent fault isolation|
|US8412402||Apr 11, 2011||Apr 2, 2013||Spx Corporation||Vehicle state tracking method and apparatus for diagnostic testing|
|US8417432||Apr 30, 2008||Apr 9, 2013||United Technologies Corporation||Method for calculating confidence on prediction in fault diagnosis systems|
|US8423226||Jun 14, 2006||Apr 16, 2013||Service Solutions U.S. Llc||Dynamic decision sequencing method and apparatus for optimizing a diagnostic test plan|
|US8428813||Aug 19, 2009||Apr 23, 2013||Service Solutions Us Llc||Dynamic decision sequencing method and apparatus for optimizing a diagnostic test plan|
|US8621305||Jul 8, 2010||Dec 31, 2013||Honeywell International Inc.||Methods systems and apparatus for determining whether built-in-test fault codes are indicative of an actual fault condition or a false alarm|
|US8648700||Jun 23, 2009||Feb 11, 2014||Bosch Automotive Service Solutions Llc||Alerts issued upon component detection failure|
|US8650411||Jul 6, 2009||Feb 11, 2014||Schweitzer Engineering Laboratories Inc.||Energy management for an electronic device|
|US8762165||Dec 31, 2010||Jun 24, 2014||Bosch Automotive Service Solutions Llc||Optimizing test procedures for a subject under test|
|US8862433||May 18, 2010||Oct 14, 2014||United Technologies Corporation||Partitioning of turbomachine faults|
|US9081883||Mar 5, 2013||Jul 14, 2015||Bosch Automotive Service Solutions Inc.||Dynamic decision sequencing method and apparatus for optimizing a diagnostic test plan|
|US9104409||Apr 1, 2010||Aug 11, 2015||Intel Corporation||Predict computing platform memory power utilization|
|US20040088100 *||Oct 31, 2002||May 6, 2004||Volponi Allan J.||Method for performing gas turbine performance diagnostics|
|US20040199307 *||Mar 12, 2004||Oct 7, 2004||Oscar Kipersztok||Diagnostic system and method for enabling multistage decision optimization for aircraft preflight dispatch|
|US20040250163 *||May 23, 2003||Dec 9, 2004||Roddy Nicholas Edward||System and method for processing a new diagnostics case relative to historical case data and determining a ranking for possible repairs|
|US20050125199 *||Jan 21, 2005||Jun 9, 2005||Intel Corporation, A California Corporation||Computer system monitoring|
|US20050143873 *||May 6, 2004||Jun 30, 2005||Edward Wilson||Model-based fault detection and isolation for intermittently active faults with application to motion-based thruster fault detection and isolation for spacecraft|
|US20050183007 *||Oct 5, 2004||Aug 18, 2005||Lockheed Martin Corporation||Graphical authoring and editing of mark-up language sequences|
|US20050197792 *||Mar 3, 2004||Sep 8, 2005||Michael Haeuptle||Sliding window for alert generation|
|US20050223288 *||Nov 30, 2004||Oct 6, 2005||Lockheed Martin Corporation||Diagnostic fault detection and isolation|
|US20050223290 *||Nov 30, 2004||Oct 6, 2005||Berbaum Richard D||Enhanced diagnostic fault detection and isolation|
|US20050240555 *||Dec 23, 2004||Oct 27, 2005||Lockheed Martin Corporation||Interactive electronic technical manual system integrated with the system under test|
|US20050251370 *||May 10, 2004||Nov 10, 2005||Li Jonathan Q||Combining multiple independent sources of information for classification of devices under test|
|US20060010352 *||Jul 6, 2004||Jan 12, 2006||Intel Corporation||System and method to detect errors and predict potential failures|
|US20090326784 *||Mar 27, 2007||Dec 31, 2009||Rolls-Royce Plc||Methods and Apparatuses For Monitoring A System|
|US20110191635 *||Jan 29, 2010||Aug 4, 2011||Honeywell International Inc.||Noisy monitor detection and intermittent fault isolation|
|EP0972252A1 †||Mar 23, 1998||Jan 19, 2000||Porta Systems Corporation||System and method for telecommunications system fault diagnostics|
|EP1653197A1 *||Oct 14, 2005||May 3, 2006||Agilent Technologies, Inc.||Method for comparing a value to a threshold in the presence of uncertainty|
|WO1997002528A1 *||Jun 25, 1996||Jan 23, 1997||Bell Communications Res||Method and system for an architecture based analysis of software quality|
|WO1998006103A1 *||Aug 6, 1997||Feb 12, 1998||Micron Technology Inc||System for optimizing memory repair time using test data|
|WO1998055904A1 *||May 11, 1998||Dec 10, 1998||Caterpillar Inc||Method and apparatus for predicting a fault condition|
|WO2002078262A1 *||Mar 21, 2002||Oct 3, 2002||Micromuse Inc||Method and system for reducing false alarms in network fault management systems|
|WO2003007121A2 *||Jul 12, 2002||Jan 23, 2003||Icontrol Transactions Inc||Method and system for determining confidence in a digital transaction|
|WO2008143701A1 *||Nov 26, 2007||Nov 27, 2008||Kleer Johan De||Diagnosing intermittent faults|
|WO2010027559A1 *||Jul 8, 2009||Mar 11, 2010||Schweitzer Engineering Laboratories, Inc.||Energy management for an electronic device|
|U.S. Classification||702/185, 706/911, 714/736, 714/25, 714/E11.148, 700/79|
|Cooperative Classification||Y10S706/911, G06F11/2273|
|Oct 24, 1991||AS||Assignment|
Owner name: GENERAL ELECTRIC COMPANY, A CORP. OF NY
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST.;ASSIGNORS:DOSKOCIL, DOUGLAS C.;OFFT, ALAN M.;REEL/FRAME:005894/0322
Effective date: 19911018
|Jul 13, 1994||AS||Assignment|
Owner name: MARTIN MARIETTA CORPORATION, MARYLAND
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:GENERAL ELECTRIC COMPANY;REEL/FRAME:007046/0736
Effective date: 19940322
|Jul 14, 1997||AS||Assignment|
Owner name: LOCKHEED MARTIN CORPORATION, MARYLAND
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MARTIN MARIETTA CORPORATION;REEL/FRAME:008628/0518
Effective date: 19960128
|Aug 15, 1997||FPAY||Fee payment|
Year of fee payment: 4
|Oct 2, 2001||REMI||Maintenance fee reminder mailed|
|Mar 8, 2002||LAPS||Lapse for failure to pay maintenance fees|
|May 7, 2002||FP||Expired due to failure to pay maintenance fee|
Effective date: 20020308